<?php
include("../../tools/session.php");
include("../../tools/controls.php");
include("../../tools/pub.php");

// 如果登录失败、无权限访问，那么采取相应措施
if (!($is_login_success === true)) { session_hop_page("../index.php"); exit(); }
if (!power_check(0)) { include("tpl-inc-wp.php"); $tpl->display($oa_tpl_path . "/no-power.html"); exit(); }

/*-- 以下是实际内容 --*/
$page_status = $_POST["page_status"];
if (!$page_status)
{
   include("tpl-inc-wp.php");
   include("../../tools/mysql.php");
   db_connect();
   
   $tpl->assign("notice_author", $_SESSION["user"]["username"]);
   $tpl->display($oa_tpl_path . "/default/notice_create.html");
}
// 如果 $page_status 为 1，那么提交数据
elseif ($page_status == 1)
{
   $alert_str = array("Success: 通知发布成功！",
					  "Error: 通知发布失败！请重试。");
   
   include("../../tools/mysql.php");
   db_connect();
   
   $title = mysql_escape_string($_POST["title"]);
   if (!$title || $title == "") { $title = "无标题"; }
   $content = mysql_escape_string($_POST["content"]);
   $author = mysql_escape_string($_POST["author"]);
   
   $sql = "INSERT INTO notice(title, content, user_id, author, addtime) "
	 . " VALUES('" . $title . "', '" . $content . "', " . $_SESSION["user"]["id"] . ", '" . $author . "', NOW())";
   // echo (db_exec($sql)) ? $alert_str[0] : $alert_str[1];
   if (db_exec($sql))
   {
   		echo $alert_str[0];
   		write_event_to_log($_SESSION["user"]["id"], "以 " . $author . " 的名义发布通知 “" . $title . "” 成功！", FALSE);
   }
   else
   {
   		echo $alert_str[1];
   		write_event_to_log($_SESSION["user"]["id"], "以 " . $author . " 的名义发布通知失败！", FALSE);
   }
}
?>
